Add access control for entering data (#67)

* Add access control for entering data * Revert applicaton-prod.properties * Add remember me function * Next try for remember me * Cleanup * Add access control for entering data * Revert applicaton-prod.properties * Fix style --------- Co-authored-by: Anton Micke <anton.micke@gmail.com>
2026-03-11 05:21:07 +01:00 · 2025-07-02 15:21:44 +02:00
parent a30c616f3f
commit 4e34672cc0
2 changed files with 20 additions and 2 deletions
--- a/src/main/java/org/kickerelo/kickerelo/views/Enter1vs1View.java
+++ b/src/main/java/org/kickerelo/kickerelo/views/Enter1vs1View.java
@@ -6,10 +6,12 @@ import org.kickerelo.kickerelo.exception.InvalidDataException;
 import org.kickerelo.kickerelo.exception.NoSuchPlayerException;
 import org.kickerelo.kickerelo.exception.PlayerNameNotSetException;
 import org.kickerelo.kickerelo.service.KickerEloService;
+import org.kickerelo.kickerelo.util.AccessControlService;

 import com.vaadin.flow.component.button.Button;
 import com.vaadin.flow.component.combobox.ComboBox;
 import com.vaadin.flow.component.html.H2;
+import com.vaadin.flow.component.html.Paragraph;
 import com.vaadin.flow.component.notification.Notification;
 import com.vaadin.flow.component.notification.NotificationVariant;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
@@ -19,7 +21,14 @@ import com.vaadin.flow.router.Route;
@Route("enter1vs1")
 public class Enter1vs1View extends VerticalLayout {

-    public Enter1vs1View(KickerEloService eloService) {
+    public Enter1vs1View(KickerEloService eloService, AccessControlService accessControlService) {
+        // Deny access if user isn't part of the Kicker User group
+        if (!accessControlService.userAllowedForRole("Kicker User") && !accessControlService.userAllowedForRole("Kicker Admin")) {
+            add(new Paragraph("Du bist nicht berechtigt, diese Seite zu sehen."));
+            getUI().ifPresent(ui -> ui.navigate(""));
+            return;
+        }
+
        H2 subheading = new H2("1 vs 1 Ergebnis");

        ComboBox<Spieler> winnerSelect = new ComboBox<>("Gewinner");
--- a/src/main/java/org/kickerelo/kickerelo/views/Enter2vs2View.java
+++ b/src/main/java/org/kickerelo/kickerelo/views/Enter2vs2View.java
@@ -6,10 +6,12 @@ import org.kickerelo.kickerelo.exception.InvalidDataException;
 import org.kickerelo.kickerelo.exception.NoSuchPlayerException;
 import org.kickerelo.kickerelo.exception.PlayerNameNotSetException;
 import org.kickerelo.kickerelo.service.KickerEloService;
+import org.kickerelo.kickerelo.util.AccessControlService;

 import com.vaadin.flow.component.button.Button;
 import com.vaadin.flow.component.combobox.ComboBox;
 import com.vaadin.flow.component.html.H2;
+import com.vaadin.flow.component.html.Paragraph;
 import com.vaadin.flow.component.notification.Notification;
 import com.vaadin.flow.component.notification.NotificationVariant;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
@@ -18,7 +20,14 @@ import com.vaadin.flow.router.Route;

@Route("enter2vs2")
 public class Enter2vs2View extends VerticalLayout {
-    public Enter2vs2View(KickerEloService eloService) {
+    public Enter2vs2View(KickerEloService eloService, AccessControlService accessControlService) {
+        // Deny access if user isn't part of the Kicker User group
+        if (!accessControlService.userAllowedForRole("Kicker User") && !accessControlService.userAllowedForRole("Kicker Admin")) {
+            add(new Paragraph("Du bist nicht berechtigt, diese Seite zu sehen."));
+            getUI().ifPresent(ui -> ui.navigate(""));
+            return;
+        }
+
        H2 subheading = new H2("2 vs 2 Ergebnis");

        ComboBox<Spieler> winnerFrontSelect = new ComboBox<>("Gewinner vorne");